Travis Cross
6a3dcc9e0f
Drop null-auth suites from our default TLS cipher list
Previously we disallowed anonymous Diffie-Hellman, but there are other
kinds of null-authentication TLS suites. In particular, disallowing
AECDH is important now that we support elliptic-curve Diffie-Hellman.
2014-03-05 21:37:30 +00:00
Anthony Minessale
4cf14bce50
FS-5814
2014-03-06 00:31:10 +05:00
Anthony Minessale
fe2a4bfa53
FS-5814
2014-03-05 13:12:02 -06:00
Anthony Minessale
7cb91467e0
FS-5814 --resolve
2014-03-06 00:02:40 +05:00
Anthony Minessale
066de4b378
Port commit from gitorious copy of sofia-sip; our code now differs, but this issue would still be a concern for OS X
commit ee51fa4e2993ab71339e29691aec8b924c810c53
Author: Frode Isaksen <frode.isaksen@bewan.com>
Date: Thu Aug 18 16:40:58 2011 +0300
su: fix su_time() on 64-bit OS X
The field tv_sec in struct timeval is 64bits instead of 32bits as in
su_time_t, so you cannot cast su_time_t to struct timeval.
2014-03-05 10:25:39 -06:00
Travis Cross
d5760e0d6a
Show TLS cipher suite selected in sofia debug
This shows the cipher name, TLS version, the number of cipher bits and
algorithm bits, and a description of the cipher in Sofia's debug
logging output on level 9.
2014-02-28 20:46:34 +00:00
Anthony Minessale
55901ae0f1
FS-6168 --resolve
2014-02-28 23:30:42 +05:00
Moises Silva
461f94870f
Merge remote-tracking branch 'origin/master' into moy/tport-log-fix
2014-02-24 19:39:17 -05:00
Travis Cross
2fe0516ac2
Fix missing/duplicate declaration
This looks like a copy/paste error.
FS-6037 --resolve
Thanks-to: David Sanders <dsanders@pinger.com>
2014-02-21 21:09:19 +00:00
Michael Jerris
0cebdf8fc5
fix types for reply to
2014-02-21 16:08:30 -05:00
Michael Jerris
63aea267bc
change macro name to work around conflict in openbsd
2014-02-21 15:25:50 -05:00
Michael Jerris
19f9dc12d3
change macro name to work around conflict in openbsd
2014-02-21 15:24:44 -05:00
Travis Cross
8b7d58ddf8
Rework handling of Linux TCP keepalives in Sofia
This separates out the Linux socket TCP keepalive timeout interval
from Sofia's internal mechanisms. Earlier we tied these together. In
retrospect this seems improper.
These two values can now be set separately.
You might, for example, want to keep the Sofia internal mechanism
disabled completely while enabling the platform-based mechanism if
your platform supports it.
We also here reform the default value of the socket TCP keepalive
parameter to 30 seconds.
This is what commit a0e9639a1f should have been.
FS-6104
2014-02-11 06:27:20 +00:00
Travis Cross
2b064e6393
Add additional debugging output to keepalive handling
2014-02-11 05:40:41 +00:00
Travis Cross
3ae189ca3f
Synchronize Sofia and Linux TCP keepalive timeout units
Sofia keeps the TCP keepalive timeout in milliseconds, but Linux
expects the value in seconds. Before this change, it's unlikely the
TCP_KEEPIDLE and TCP_KEEPINTVL calls were having much effect as we
would have been passing them a huge value.
FS-6104
2014-02-11 05:33:25 +00:00
Travis Cross
a96eefe8ee
Add support for EECDH to Sofia-SIP
This adds support for the ephemeral elliptic curve Diffie-Hellman key
exchange, which provides for forward secrecy in the event that
long-term keys are compromised.
For the moment, we've hard-coded the curve as prime256v1.
2014-02-06 15:40:35 +00:00
Travis Cross
c0101e2ce6
Allow setting TLS cipher suites through Sofia-SIP API
Previously there was no way to override the hard-coded cipher suite
specification of "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
This commit does leave in place the hardcoded cipher spec for WebRTC
of "HIGH:!DSS:!aNULL@STRENGTH".
2014-02-06 06:04:02 +00:00
Travis Cross
e3b353e911
Allow setting enabled TLS versions in Sofia-SIP
Previously if the TPTAG_TLS_VERSION was set to a non-zero value we
supported only TLSv1 (but not TLSv1.1 or TLSv1.2), and if it was set to
zero we supported all versions of TLS and SSL (including the
ridiculous SSLv2).
Now we take an integer field where various bits can be set indicating
which versions of TLS we would like to support.
2014-02-06 02:17:13 +00:00
Michael Jerris
b6270f4d70
FS-6030: --resolve fix variable scoping issue for more aggressive optimizer
2014-02-05 08:46:04 -05:00
Anthony Minessale
0a3e18a308
FS-6174 --resolve after updating to this revision, put ca-bundle.crt in /usr/local/freeswitch/certs to get chain cert in place for both dtls and wss
2014-01-31 20:16:54 +05:00
Anthony Minessale
0e14b758fc
FS-6150 --resolve cool find
2014-01-27 06:57:05 +05:00
Travis Cross
a0e9639a1f
Handle Linux TCP keepalives better in Sofia
Sofia accepts a value for the TCP keepalive timeout interval via
TPTAG_KEEPALIVE, however it fails to use this value for the Linux
keepalive socket options TCP_KEEPIDLE and TCP_KEEPINTVL. In fact, on
Linux it enables the sending of TCP keepalives even if tpp_keepalive
is set to zero which would disable Sofia's internal keepalive
mechanisms. Sofia then uses a hard coded value of 30 seconds for
these keepalive intervals which affects battery life on mobile
devices.
With this commit we harmonize the sending of TCP keepalives on Linux
with other platforms by using the value from TPTAG_KEEPALIVE and not
enabling the sending of TCP keepalives at all if the value of the
parameter is zero.
FS-6104 --resolve
2014-01-18 15:46:56 +00:00
Seven Du
f5b18c0fdd
FS-5642 --resolve add back the ETIMEDOUT check, needed on Mac
2013-12-13 11:46:14 +08:00
Jeff Lenk
bb53175526
FS-6010 --resolve
2013-11-29 22:16:49 -06:00
Anthony Minessale
bbe1fe1a31
FS-6005 --resolve
2013-11-27 10:20:35 -06:00
Moises Silva
713ddc4834
Fix tport_stamp in the sofia stack to use localtime for the timestamp
2013-10-29 12:17:55 -04:00
Anthony Minessale
c8be999c34
FS-5911 --resolve
2013-10-25 23:51:43 +05:00
Jeff Lenk
88b2e96516
windows fix compiler errors
2013-10-22 23:23:48 -05:00
Anthony Minessale
20a55d3cc6
update
2013-10-22 16:27:15 -05:00
Anthony Minessale
e2bdd78d55
FS-5896 --resolve
2013-10-22 20:33:13 +05:00
Anthony Minessale
3c2a5db225
add missing protos
2013-10-21 20:11:30 +05:00
Michael Jerris
bfcd1e07ca
compile failure due to no newline at end of file
2013-10-21 10:54:23 -04:00
Anthony Minessale
0d19abfbdb
FS-5887 --resolve
2013-10-19 00:00:28 +05:00
Anthony Minessale
8aff25e03d
FS-5855 please try latest HEAD
2013-10-08 12:10:36 -05:00
Michael Jerris
1aa8464114
FS-5819: don't assign variable to itself
2013-09-30 13:28:47 -04:00
Chris Rienzo
6b9382290d
FS-5819 fix typo
2013-09-27 22:23:23 -04:00
Michael Jerris
42d7d86514
FS-5819: fix bounds check on enum type
2013-09-27 21:28:12 -04:00
Michael Jerris
25001e857f
FS-5819: fix useless assignment in sofia
2013-09-27 12:39:49 -04:00
Anthony Minessale
8493c88f88
fix proto regression from last commit
2013-09-19 19:34:58 -04:00
Anthony Minessale
750847f290
ignore a= lines when m= port is 0
2013-09-19 13:44:20 -05:00
Jeff Lenk
b407732dcd
fix for today's ws.* changes
2013-09-17 23:23:11 -05:00
Anthony Minessale
f1d0357e92
minor fixes in ws.c
2013-09-18 05:13:46 +05:00
Anthony Minessale
50ea67b340
fix connection issue in websocket
2013-09-17 06:24:58 +05:00
Brian West
378648f2b1
similar fix to 53d17a1312
2013-09-12 16:56:07 -05:00
Anthony Minessale
98df017ae6
FS-5780 --resolve
2013-09-12 00:10:28 +05:00
Anthony Minessale
d7608fad7a
FS-5714 --resolve
2013-09-05 20:55:55 +05:00
Anthony Minessale
c001840d9d
FS-5714 --resolve That is probably the right place
2013-09-05 20:41:31 +05:00
Anthony Minessale
53d17a1312
override the default 30 minute timeout on tport connections for websockets
2013-09-04 04:24:53 +05:00
Anthony Minessale
b5ac54ecca
FS-5738 --resolve
2013-08-28 23:18:41 +05:00
Anthony Minessale
dbfde499a4
add val to debug message
2013-08-23 04:13:19 +05:00
Anthony Minessale
da148c0dd4
remove call to close
2013-08-22 18:49:35 -04:00
Anthony Minessale
d00c8a6abf
FS-5641 --resolve
2013-07-29 16:07:03 -05:00
Anthony Minessale
bc851de200
FS-5642 FS-5556 --resolve I have not tested this yet for the connect but I fixed the seg for sure which was an outstanding issue in 5556 reopen 5642 if connect still doesn't work
2013-07-26 11:27:45 -05:00
Anthony Minessale
5dbf2b3cf7
refactor some video code
2013-07-11 17:38:24 -05:00
Jeff Lenk
5fc2bc9993
FS-5588 --resolve windows compiler fixes
2013-07-09 07:53:56 -05:00
Anthony Minessale
94f3b90040
use static buffer and nonblocking socket in websocket client
2013-07-08 08:25:45 -05:00
Jeff Lenk
a52a604fbb
FS-5527 fix compiler error windows
2013-06-28 11:05:27 -05:00
Anthony Minessale
dac93d7936
FS-5527 --resolve
2013-06-28 10:42:06 -05:00
Anthony Minessale
b2e06346d4
some more ws transport tweaks
2013-06-27 14:04:13 -05:00
Anthony Minessale
a26ab6e3e0
fix ssl connect race
2013-06-26 23:10:19 -04:00
Anthony Minessale
afc18668f3
tweak sip ws code to avoid double free
2013-06-26 12:43:54 -04:00
Anthony Minessale
da0c0c0e4a
revert 02c329da33 and put proper fix
2013-06-24 08:31:06 -05:00
Jeff Lenk
02c329da33
fix compiler warning
2013-06-20 14:27:32 -05:00
Anthony Minessale
469bcc562d
fix gcc bug patch
2013-06-20 10:50:33 -05:00
Anthony Minessale
c01fa0e1cf
newer gcc does not like when you use out of bounds array indexes to access other elements in a struct (at least at -O2)
2013-06-20 10:16:35 -05:00
Anthony Minessale
66239f15b0
comment out broken test
2013-06-20 10:16:35 -05:00
Anthony Minessale
a71b199de4
fix ref counting issue in tcp,tls,wss transports
2013-06-19 21:54:58 -05:00
Anthony Minessale
633dcd46b6
yay for bugs
2013-06-19 12:26:45 -05:00
Anthony Minessale
9a87ec6a52
disable dialog matching for subscribe reqs so it always uses a new handle to avoid conflicting with notify transactions
Conflicts:
libs/sofia-sip/.update
2013-06-12 23:48:39 -05:00
Brian West
a55d70ed62
add kirk wireless servers to safe as they do not do rport
2013-05-31 11:54:05 -05:00
Anthony Minessale
471b3d33fd
add tcp keepalive where possible
2013-04-25 13:33:17 -05:00
Anthony Minessale
fddad1da06
FS-5343 --resolve
2013-04-24 12:09:35 -05:00
Jeff Lenk
43eaa95746
windows compile another step closer
2013-04-03 08:55:03 -05:00
Jeff Lenk
ff9571e1e9
sofia windows compiler warnings
2013-04-02 17:25:10 -05:00
Ken Rice
23410558ff
hust compiler warning
2013-04-01 17:24:52 -05:00
Anthony Minessale
cc3e75fc62
omit weak ciphers to prevent hackage
2013-03-31 21:27:27 -05:00
Anthony Minessale
68055eab2b
support tls dir options properly
2013-03-31 21:27:26 -05:00
Anthony Minessale
c4b221c750
trying to get mozilla to work using sipml5, got stun/dtls/rtp flowing and it's dead silent. c'mon guys... why do you have to do everything differently?????
2013-03-31 21:27:25 -05:00
Anthony Minessale
a36bd797c6
fix shutdown seg
2013-03-31 21:27:24 -05:00
Anthony Minessale
52e7a63bbf
fix for firefox secure websockets which for some reason writes only 1 byte first on secure ws frame
2013-03-31 21:27:24 -05:00
Anthony Minessale
e00ede7e7d
unreg on sock disconnect
2013-03-31 21:27:22 -05:00
Anthony Minessale
0ce92e4cee
wire in tport error callback to nua_stack_tport_error
2013-03-31 21:27:22 -05:00
Anthony Minessale
24868979f7
more portable type
2013-03-31 21:27:22 -05:00
Anthony Minessale
fa8ccff7c3
polish
2013-03-31 21:27:21 -05:00
Anthony Minessale
2ccc771825
fix cpu race on ws poll
2013-03-31 21:27:21 -05:00
Anthony Minessale
99559a3cd3
add NUTAG_WS_URL and NUTAG_WSS_URL tags
2013-03-31 21:27:21 -05:00
Anthony Minessale
e31c74b638
use cert dir from tls config to find wss certs
2013-03-31 21:27:21 -05:00
Anthony Minessale
668f4a6207
working mo better
2013-03-31 21:27:20 -05:00
Anthony Minessale
62e62e1e34
add websocket transport to sofia
2013-03-31 21:27:20 -05:00
Anthony Minessale
a70aa8f9be
add parsers for web socket headers
2013-03-31 21:27:20 -05:00
Anthony Minessale
a4853b8f13
add support for WS and WSS proto in VIA
2013-03-31 21:27:18 -05:00
Anthony Minessale
03e5b366f7
revert whitespace change
2013-03-31 21:27:17 -05:00
Anthony Minessale
20568e64df
wip
2013-03-31 21:27:17 -05:00
Anthony Minessale
9b11dbe4b9
FS-4452 --resolve
2013-03-06 12:58:30 -06:00
Ken Rice
c35a41e4ca
FS-3772 --resolve please no vanity comments
2013-03-01 15:48:48 -06:00
Anthony Minessale
45d849ab74
FS-5095 --resolve all boils down to uninitialized vars grrr
2013-02-19 13:11:50 -06:00
Anthony Minessale
1c9a10162f
FS-5068 --resolve this was an edge case assert in a DNS error. You may want to check that you have valid DNS servers but this should stop the crash
2013-01-31 13:53:50 -06:00
Anthony Minessale
f0bf3b917d
FS-5047 --resolve This seems to be a problem in libsofia, this should fix it.
2013-01-30 17:20:19 -06:00
Michael Jerris
63deed9fc9
fix double-destroy seg
2013-01-14 12:02:28 -05:00
Michael Jerris
41b2ce51d2
add support for RTP/SAVPF to sofia stack
2013-01-14 08:31:10 -05:00
Anthony Minessale
8e78ca69e5
add some missing macros to typically disabled stun code
2012-12-07 08:42:54 -06:00
Anthony Minessale
18f20e24bf
fix bad return vals on sending messages when under stress
2012-11-13 17:56:31 -06:00
Anthony Minessale
e8f3e42f8b
FS-4779 try this patch
2012-11-08 09:52:20 -06:00
Anthony Minessale
6627dc8696
fix some contention issues under really high load...That doesn't mean you need to push it this hard and bug me about it =p
2012-11-07 14:53:16 -06:00
Anthony Minessale
e884de5b07
add NUTAG_RETRY_AFTER_ENABLE() tag to lib sofia and use it in mod_sofia to disable processing retry-after headers on a per-call basis
2012-11-02 13:54:54 -05:00
Seven Du
3ef548eeb5
fix compile, please review
2012-10-27 08:24:01 +08:00
Anthony Minessale
63e2044a7e
modify sofia debug code to print file, line numbers and function name
2012-10-26 14:15:14 -05:00
Anthony Minessale
5f469ad2bd
FS-4753 --resolve this should properly detect it everywhere
2012-10-23 13:14:51 -04:00
Seven Du
0263ce9247
FS-4695 fix apple build, seems there's no pthread_setschedprio on Mac, not sure if windows has the same problem in apr/threadproc/unix/thread.c
2012-10-08 09:03:34 +08:00
Jeff Lenk
5620d6d063
windows fixes for priority - needs to be revisited when apr and pthread versions support calls.
2012-10-01 20:34:15 -05:00
Anthony Minessale
0f477d1586
increase pri in sofia
2012-10-01 12:25:10 -05:00
Anthony Minessale
016550f218
FS-4627 --resolve
2012-09-18 18:42:09 -05:00
Anthony Minessale
bb69310259
FS-4079 FS-4540 please update to this version
2012-08-15 22:51:41 -05:00
Anthony Minessale
5867d0424d
FS-4079 please try this
2012-07-18 21:48:53 -05:00
Anthony Minessale
2aebe2456f
first pass on some new stuff
2012-07-11 15:15:50 -05:00
Travis Cross
3f24ef16b1
Avoid -Wunused-value warning
Don't use the SET_STATUS1 macro as it will always produce this
warning. It's a rather 'interesting' macro that's probably best
avoided anyway.
2012-06-25 06:41:00 +00:00
Travis Cross
cbde2faab2
Fix confusion between size_t and ssize_t
readfile returns a value of type ssize_t (signed) and returns -1 if an
error occurs. In auth_readdb_internal, however, we were assigning the
return value of readfile to a variable of type size_t (unsigned), but
then testing this unsigned value to see if it was < 0, a
contradiction. We would thus simultaneously fail to report the error
in readfile and would end up with a corrupted length value.
2012-06-25 06:38:30 +00:00
Travis Cross
e6629ab5f6
Add missing return statement
sres_cached_answers_sockaddr is supposed to return ENOENT if no cached
records are found. Because of the missing return statement, however,
it would never do this and would instead return something very likely
to be garbage.
2012-06-25 06:38:30 +00:00
Travis Cross
5077384c5b
Remove a contradiction
base64_d returns a value of size_t, which is unsigned. The value
therefore cannot be less than zero. The second check testing whether
it is >= INT_MAX is not a contradiction, but it doesn't make any sense
to check for this (as far as I can tell).
2012-06-25 06:38:30 +00:00
Travis Cross
76a26648d4
Remove a tautological conditional
SU_LOG->log_level is declared as unsigned, hence it will always
be >= 0.
2012-06-25 06:38:29 +00:00
Travis Cross
9e52f33d91
Implement MEMLOCK and UNLOCK as functions
Converting these macros to functions declared static inline allows the
C type-checker to work and avoid warnings about unused expression
values. These warnings break the build with clang.
2012-06-25 06:38:29 +00:00
Travis Cross
c01a142665
Implement su_errno and su_seterrno as functions
This avoids warnings about expressions with unused values. These
warnings break the build with clang.
An optimizing compiler should still inline these calls. If that turns
out not to happen on some platform, we could rename the functions used
internally and declare them static inline.
2012-06-25 06:38:29 +00:00
Travis Cross
43f2c89a08
Fix memset calls in sofia-sip
These calls were zeroing only a pointer's worth of memory rather than
the actual size of the objects.
2012-06-25 06:38:29 +00:00
Travis Cross
c85c8d7bbd
Add mechanism to set OpenSSL session timeout
In a sofia profile, you can now set the parameter tls-timeout to a
positive integer value which represents the maximum time in seconds
that OpenSSL will keep a TLS session (and its ephemeral keys) alive.
This value is passed to OpenSSL's SSL_CTX_set_timeout(3).
OpenSSL's default value is 300 seconds, but the relevant standard
(RFC 2246) suggests that much longer session lifetimes are
acceptable (it recommends values less than 24 hours).
Longer values can be useful for extending battery life on mobile
devices.
Signed-off-by: Travis Cross <tc@traviscross.com>
2012-06-11 21:46:05 +00:00
Ken Rice
0eca328f48
white space cleanup
2012-05-03 18:55:06 -05:00
Anthony Minessale
8664dc6d5a
some performance tweaks
2012-05-03 16:31:21 -05:00
Anthony Minessale
b553d62fbd
add sip_require_timer=true variable to enable require timer on session refresh that breaks finicky endpoints
2012-04-26 10:35:02 -05:00
Michael Jerris
7d3816dbea
silence set but not used
2012-04-25 15:19:47 -04:00
Michael Jerris
ba4280e61f
try to add a tag to disable timer autorequire NUTAG_TIMER_AUTOREQUIRE(0)
2012-04-25 15:15:32 -04:00
Anthony Minessale
62c14df322
FS-3774 --resolve
2012-04-10 16:19:23 -05:00
Anthony Minessale
92fb339434
FS-4071 --resolve
2012-04-04 16:18:53 -05:00
Anthony Minessale
872a0fe658
FS-3957 --resolve
2012-03-01 10:04:07 -06:00
Jeff Lenk
5e66db63f1
FS-3896 --resolve that sizeof was incorrect
2012-02-17 08:50:03 -06:00
Anthony Minessale
ef097a19b9
FS-3794 please repeat all tests with this version
2012-01-16 17:26:35 -06:00
Anthony Minessale
7938fd81cc
FS-3813 --resolve this should be ok
2012-01-16 12:47:37 -06:00
Marc Olivier Chouinard
f97a3266df
FS-3071 I've committed the upstream passphrase backport
2011-12-18 11:04:59 -05:00
Anthony Minessale
e9bde2eb0e
FS-3758 --resolve ok so I wrote my own patch but I did borrow the 2 lines of code to create a seq from the original patch! sofia changes probably need to be converted to a tag if they are to go upstream. This completely manages sub/pub from inside mod_sofia inside the db and subs can now persist and/or fail over mid dialog tested on several things like polycom/snom/yealink on SLA and presence
2011-12-15 16:30:33 -06:00
Anthony Minessale
9fe1f6fdcb
FS-3748 --resolve
2011-12-06 18:12:48 -06:00
Anthony Minessale
58c3c3a049
comment out optional Require header from re-invites for the sake of interop with testy t.38 terminals
2011-11-22 18:22:57 -06:00
Anthony Minessale
a19352aa23
FS-3688 revert
2011-11-18 17:01:03 -06:00
Anthony Minessale
2fae5dfadd
FS-3688 please do clean build and test make current or the equiv
2011-11-17 11:44:10 -06:00
Anthony Minessale
032155c51e
FS-3658 remember to date > libs/sofia-sip/.update when you patch sofia lib
2011-11-02 08:59:23 -05:00
Anthony Minessale
cd8ccebbf4
save via_string when sent to nh so we can use it in session timer re-invites to fix double nat issue
2011-08-22 10:58:33 -05:00
Anthony Minessale
a95b5c3823
FS-3474 sofia portion
2011-08-19 16:34:17 -05:00
Anthony Minessale
bc177a4b28
FS-3475 --resolve
2011-08-02 13:51:57 -05:00
Anthony Minessale
ed23847574
fix mac build
2011-08-01 10:01:50 -05:00
Jeff Lenk
02bb35148d
trivial compiler warning
2011-08-01 10:39:11 -05:00
Jeff Lenk
2b6a4f97c3
trivial portability issues c89
2011-08-01 09:48:08 -05:00
Anthony Minessale
3e029f0dfb
add capture hooks to libsofia
2011-07-31 18:36:05 -05:00
Mathieu Rene
7403db7005
Fix segfault in sofia's stun code
2011-07-27 12:26:43 -04:00